1 /* 2 * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of KTH nor the names of its contributors may be 18 * used to endorse or promote products derived from this software without 19 * specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY 22 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE 25 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 28 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 29 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 30 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 31 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 */ 33 34 #include "config.h" 35 36 #include <stdio.h> 37 #include <err.h> 38 #include <roken.h> 39 #include <getarg.h> 40 41 #include <krb5-types.h> /* or <inttypes.h> */ 42 #include <heimntlm.h> 43 44 static int 45 test_parse(void) 46 { 47 const char *user = "foo", 48 *domain = "mydomain", 49 *password = "digestpassword", 50 *target = "DOMAIN"; 51 struct ntlm_type1 type1; 52 struct ntlm_type2 type2; 53 struct ntlm_type3 type3; 54 struct ntlm_buf data; 55 int ret, flags; 56 57 memset(&type1, 0, sizeof(type1)); 58 59 type1.flags = NTLM_NEG_UNICODE|NTLM_NEG_TARGET|NTLM_NEG_NTLM; 60 type1.domain = rk_UNCONST(domain); 61 type1.hostname = NULL; 62 type1.os[0] = 0; 63 type1.os[1] = 0; 64 65 ret = heim_ntlm_encode_type1(&type1, &data); 66 if (ret) 67 errx(1, "heim_ntlm_encode_type1"); 68 69 memset(&type1, 0, sizeof(type1)); 70 71 ret = heim_ntlm_decode_type1(&data, &type1); 72 free(data.data); 73 if (ret) 74 errx(1, "heim_ntlm_encode_type1"); 75 76 heim_ntlm_free_type1(&type1); 77 78 /* 79 * 80 */ 81 82 memset(&type2, 0, sizeof(type2)); 83 84 flags = NTLM_NEG_UNICODE | NTLM_NEG_NTLM | NTLM_TARGET_DOMAIN; 85 type2.flags = flags; 86 87 memset(type2.challenge, 0x7f, sizeof(type2.challenge)); 88 type2.targetname = rk_UNCONST(target); 89 type2.targetinfo.data = NULL; 90 type2.targetinfo.length = 0; 91 92 ret = heim_ntlm_encode_type2(&type2, &data); 93 if (ret) 94 errx(1, "heim_ntlm_encode_type2"); 95 96 memset(&type2, 0, sizeof(type2)); 97 98 ret = heim_ntlm_decode_type2(&data, &type2); 99 free(data.data); 100 if (ret) 101 errx(1, "heim_ntlm_decode_type2"); 102 103 heim_ntlm_free_type2(&type2); 104 105 /* 106 * 107 */ 108 109 memset(&type3, 0, sizeof(type3)); 110 111 type3.flags = flags; 112 type3.username = rk_UNCONST(user); 113 type3.targetname = rk_UNCONST(target); 114 type3.ws = rk_UNCONST("workstation"); 115 116 { 117 struct ntlm_buf key; 118 heim_ntlm_nt_key(password, &key); 119 120 heim_ntlm_calculate_ntlm1(key.data, key.length, 121 type2.challenge, 122 &type3.ntlm); 123 free(key.data); 124 } 125 126 ret = heim_ntlm_encode_type3(&type3, &data); 127 if (ret) 128 errx(1, "heim_ntlm_encode_type3"); 129 130 free(type3.ntlm.data); 131 132 memset(&type3, 0, sizeof(type3)); 133 134 ret = heim_ntlm_decode_type3(&data, 1, &type3); 135 free(data.data); 136 if (ret) 137 errx(1, "heim_ntlm_decode_type3"); 138 139 if (strcmp("workstation", type3.ws) != 0) 140 errx(1, "type3 ws wrong"); 141 142 if (strcmp(target, type3.targetname) != 0) 143 errx(1, "type3 targetname wrong"); 144 145 if (strcmp(user, type3.username) != 0) 146 errx(1, "type3 username wrong"); 147 148 149 heim_ntlm_free_type3(&type3); 150 151 /* 152 * NTLMv2 153 */ 154 155 memset(&type2, 0, sizeof(type2)); 156 157 flags = NTLM_NEG_UNICODE | NTLM_NEG_NTLM | NTLM_TARGET_DOMAIN; 158 type2.flags = flags; 159 160 memset(type2.challenge, 0x7f, sizeof(type2.challenge)); 161 type2.targetname = rk_UNCONST(target); 162 type2.targetinfo.data = "\x00\x00"; 163 type2.targetinfo.length = 2; 164 165 ret = heim_ntlm_encode_type2(&type2, &data); 166 if (ret) 167 errx(1, "heim_ntlm_encode_type2"); 168 169 memset(&type2, 0, sizeof(type2)); 170 171 ret = heim_ntlm_decode_type2(&data, &type2); 172 free(data.data); 173 if (ret) 174 errx(1, "heim_ntlm_decode_type2"); 175 176 heim_ntlm_free_type2(&type2); 177 178 return 0; 179 } 180 181 static int 182 test_keys(void) 183 { 184 const char 185 *username = "test", 186 *password = "test1234", 187 *target = "TESTNT"; 188 const unsigned char 189 serverchallenge[8] = "\x67\x7f\x1c\x55\x7a\x5e\xe9\x6c"; 190 struct ntlm_buf infotarget, infotarget2, answer, key; 191 unsigned char ntlmv2[16], ntlmv2_1[16]; 192 int ret; 193 194 infotarget.length = 70; 195 infotarget.data = 196 "\x02\x00\x0c\x00\x54\x00\x45\x00\x53\x00\x54\x00\x4e\x00\x54\x00" 197 "\x01\x00\x0c\x00\x4d\x00\x45\x00\x4d\x00\x42\x00\x45\x00\x52\x00" 198 "\x03\x00\x1e\x00\x6d\x00\x65\x00\x6d\x00\x62\x00\x65\x00\x72\x00" 199 "\x2e\x00\x74\x00\x65\x00\x73\x00\x74\x00\x2e\x00\x63\x00\x6f" 200 "\x00\x6d\x00" 201 "\x00\x00\x00\x00"; 202 203 answer.length = 0; 204 answer.data = NULL; 205 206 heim_ntlm_nt_key(password, &key); 207 208 ret = heim_ntlm_calculate_ntlm2(key.data, 209 key.length, 210 username, 211 target, 212 serverchallenge, 213 &infotarget, 214 ntlmv2, 215 &answer); 216 if (ret) 217 errx(1, "heim_ntlm_calculate_ntlm2"); 218 219 ret = heim_ntlm_verify_ntlm2(key.data, 220 key.length, 221 username, 222 target, 223 0, 224 serverchallenge, 225 &answer, 226 &infotarget2, 227 ntlmv2_1); 228 if (ret) 229 errx(1, "heim_ntlm_verify_ntlm2"); 230 231 if (memcmp(ntlmv2, ntlmv2_1, sizeof(ntlmv2)) != 0) 232 errx(1, "ntlm master key not same"); 233 234 if (infotarget.length > infotarget2.length) 235 errx(1, "infotarget length"); 236 237 if (memcmp(infotarget.data, infotarget2.data, infotarget.length) != 0) 238 errx(1, "infotarget not the same"); 239 240 free(key.data); 241 free(answer.data); 242 free(infotarget2.data); 243 244 return 0; 245 } 246 247 static int 248 test_ntlm2_session_resp(void) 249 { 250 int ret; 251 struct ntlm_buf lm, ntlm; 252 253 const unsigned char lm_resp[24] = 254 "\xff\xff\xff\x00\x11\x22\x33\x44" 255 "\x00\x00\x00\x00\x00\x00\x00\x00" 256 "\x00\x00\x00\x00\x00\x00\x00\x00"; 257 const unsigned char ntlm2_sess_resp[24] = 258 "\x10\xd5\x50\x83\x2d\x12\xb2\xcc" 259 "\xb7\x9d\x5a\xd1\xf4\xee\xd3\xdf" 260 "\x82\xac\xa4\xc3\x68\x1d\xd4\x55"; 261 262 const unsigned char client_nonce[8] = 263 "\xff\xff\xff\x00\x11\x22\x33\x44"; 264 const unsigned char server_challenge[8] = 265 "\x01\x23\x45\x67\x89\xab\xcd\xef"; 266 267 const unsigned char ntlm_hash[16] = 268 "\xcd\x06\xca\x7c\x7e\x10\xc9\x9b" 269 "\x1d\x33\xb7\x48\x5a\x2e\xd8\x08"; 270 271 ret = heim_ntlm_calculate_ntlm2_sess(client_nonce, 272 server_challenge, 273 ntlm_hash, 274 &lm, 275 &ntlm); 276 if (ret) 277 errx(1, "heim_ntlm_calculate_ntlm2_sess_resp"); 278 279 if (lm.length != 24 || memcmp(lm.data, lm_resp, 24) != 0) 280 errx(1, "lm_resp wrong"); 281 if (ntlm.length != 24 || memcmp(ntlm.data, ntlm2_sess_resp, 24) != 0) 282 errx(1, "ntlm2_sess_resp wrong"); 283 284 free(lm.data); 285 free(ntlm.data); 286 287 288 return 0; 289 } 290 291 static int 292 test_targetinfo(void) 293 { 294 struct ntlm_targetinfo ti; 295 struct ntlm_buf buf; 296 const char *dnsservername = "dnsservername"; 297 int ret; 298 299 memset(&ti, 0, sizeof(ti)); 300 301 ti.dnsservername = rk_UNCONST(dnsservername); 302 ti.avflags = 1; 303 ret = heim_ntlm_encode_targetinfo(&ti, 1, &buf); 304 if (ret) 305 return ret; 306 307 memset(&ti, 0, sizeof(ti)); 308 309 ret = heim_ntlm_decode_targetinfo(&buf, 1, &ti); 310 if (ret) 311 return ret; 312 313 if (ti.dnsservername == NULL || 314 strcmp(ti.dnsservername, dnsservername) != 0) 315 errx(1, "ti.dnshostname != %s", dnsservername); 316 if (ti.avflags != 1) 317 errx(1, "ti.avflags != 1"); 318 319 heim_ntlm_free_targetinfo(&ti); 320 321 return 0; 322 } 323 324 static int verbose_flag = 0; 325 static int version_flag = 0; 326 static int help_flag = 0; 327 328 static struct getargs args[] = { 329 {"verbose", 0, arg_flag, &verbose_flag, "verbose printing", NULL }, 330 {"version", 0, arg_flag, &version_flag, "print version", NULL }, 331 {"help", 0, arg_flag, &help_flag, NULL, NULL } 332 }; 333 334 static void 335 usage (int ret) 336 { 337 arg_printusage (args, sizeof(args)/sizeof(*args), 338 NULL, ""); 339 exit (ret); 340 } 341 342 int 343 main(int argc, char **argv) 344 { 345 int ret = 0, optind = 0; 346 347 setprogname(argv[0]); 348 349 if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)) 350 usage(1); 351 352 if (help_flag) 353 usage (0); 354 355 if(version_flag){ 356 print_version(NULL); 357 exit(0); 358 } 359 360 argc -= optind; 361 argv += optind; 362 363 if (verbose_flag) 364 printf("test_parse\n"); 365 366 ret += test_parse(); 367 if (verbose_flag) 368 printf("test_keys\n"); 369 370 ret += test_keys(); 371 if (verbose_flag) 372 printf("test_ntlm2_session_resp\n"); 373 ret += test_ntlm2_session_resp(); 374 375 if (verbose_flag) 376 printf("test_targetinfo\n"); 377 ret += test_targetinfo(); 378 379 return ret; 380 } 381